Auto-maintaining of hashed mirrors

There are concept of hashed mirrors to backup sources preventing link rot:

It is not bot-maintained, so many of the sources are already 404 and not backed up to tarballs.nixos.org.

The most affected are releases which just ended of life (20.03 currently), they are not only stopped receiving security updates, they almost immediately became broken because of link rot of source files which have not been backed up to tarballs.nixos.org.

It might be challenging to create a bot parsing all fetchurl/fetchpatch/fetchgit/fetchFromGitHub (the urls and hashes are often computed), but probably Hydra or OfBorg could assure that everything they download is backed up on the hashed mirrors? That would also reduce the load on upstream websites and tolerate their downtimes.

Introducing something similar for private hashed mirrors would be a great addition too.

3 Likes